[cisco-voip] Certificate question
Joe Martini
joemar2 at cisco.com
Thu Jan 2 08:14:30 EST 2014
James,
You do not have to get your certificate issued by Thawte, GoDaddy, Verisign, etc.; you can use your internal Certificate Authority (CA) server instead. In order to do this, you would need to create a Certificate Signing Request (CSR) for Tomcat on your CUCM server(s) and get a certificate generated based on the CSR. Here’s a great guide with instructions for how to generate the CSR, get it internally signed, and re-uploaded to CUCM: https://supportforums.cisco.com/docs/DOC-6119.
You could apply a new certificate to all your servers by using this same process for each server in your cluster, or you can install a new certificate on only the server users usually access to fix the certificate warning that is displayed.
Note that if you do use an internal server to issue the certificate, the client computers and/or browsers need to have the root certificate (issuing server’s certificate) installed. If you are using Active Directory and Internet Explorer, the certificates should already be in place on each computer that has joined the domain. For non-Windows computers or other browsers such as Firefox, the issuing server’s certificate would have to be added to the certificate store the browser uses. Lastly, once everything is in place, the URL used to access the servers has to be a hostname. Even if all the certificates are in place, using an IP address for the URL to access the servers will cause the certificate error to appear.
Joe
On Jan 2, 2014, at 6:59 AM, James Dust <james.dust at charles-stanley.co.uk> wrote:
Hi there,
I have a certificate question I need help with, as I haven’t either created or uploaded one to our CUCM cluster before (CUCM 8.1.3).
When navigating to either the administration page or end user page for the first time, any user within our network is presented with an error message stating the website is not trusted. Now, it’s no problem as it can be entered through, but for my own knowledge I would like to resolve this.
My first question is: do we need to export a certificate and get it to Thawte or someone like that, or can I just self-sign the certificate, as it is just an internal network resource to us?
My second question is what do I need to export?
Kind regards
James
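
Added example, not part of the original thread: a check of whether the host in a URL is covered by the names in a certificate, which is why browsing to a server by IP address still raises a warning when the certificate was issued for its hostname. The sample certificate, the hostname `cucm-pub.example.internal`, the address `10.0.0.5` and the function names are constructed for illustration; the dict has the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the hostname is a placeholder, not a value from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "cucm-pub.example.internal"),),),
    "subjectAltName": (("DNS", "cucm-pub.example.internal"),),
}

def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_names(cert, cn_fallback=True):
    """Return (dns_names, ip_addresses) the certificate is valid for."""
    san = cert.get("subjectAltName", ())
    dns = [v for k, v in san if k == "DNS"]
    ips = [ipaddress.ip_address(v) for k, v in san if k == "IP Address"]
    if not dns and cn_fallback:
        # Legacy rule: with no DNS entry in subjectAltName, use the subject CN.
        dns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return dns, ips

def url_matches_cert(url, cert, cn_fallback=True):
    """True if the host part of url is covered by the certificate's names."""
    host = urlsplit(url).hostname or ""
    dns, ips = cert_names(cert, cn_fallback)
    try:
        return ipaddress.ip_address(host) in ips  # IP literal needs an IP entry
    except ValueError:
        return any(_dns_match(name, host) for name in dns)

if __name__ == "__main__":
    for url in ("https://cucm-pub.example.internal/ccmadmin",
                "https://10.0.0.5/ccmadmin",
                "https://cucm-pub/ccmadmin"):
        ok = url_matches_cert(url, SAMPLE_CERT)
        print(url, "->", "name matches" if ok else "certificate name warning")
```

The short name `cucm-pub` fails as well as the IP address: the URL has to use a name exactly as it appears in the certificate.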